1

Ch 3: Block Ciphers and Data Encryption Standard (DES)

Fourth Editionby William Stallings

Lecture slides by Lawrie Brown(modified by Prof. M. Singhal, U of

Kentucky)

2

Modern Block Ciphers

• look at modern block ciphers

• one of the most widely used types of cryptographic algorithms

• provide secrecy /authentication services

• focus on DES (Data Encryption Standard)

to illustrate block cipher design principles

3

Block vs Stream Ciphers

• block ciphers process messages in blocks, each of which is then en/decrypted

• like a substitution on very big characters– 64-bits or more

• stream ciphers process messages a bit or byte at a time when en/decrypting

• many current ciphers are block ciphers

• broader range of applications

4

Block Cipher Principles

• most symmetric block ciphers are based on a Feistel Cipher Structure

• block ciphers look like an extremely large substitution

• would need table of 264 entries for a 64-bit block • instead create from smaller building blocks • using idea of a product cipher

5

Ideal Block Cipher

6

Claude Shannon and Substitution-Permutation Ciphers

• Claude Shannon introduced idea of substitution-permutation (S-P) networks in 1949

• form basis of modern block ciphers • S-P nets are based on the two primitive

cryptographic operations: – substitution (S-box)– permutation (P-box)

• provide confusion & diffusion of message & key

7

Diffusion and Confusion…

• Diffusion:

“The statistical structure of the plaintext is spread (dissipated) into long-range statistics of the ciphertext.”

• Achieved by having each plaintext digit affect the value of many ciphertext digits.

• Objective is to globalize the local affects.

8

Diffusion and Confusion…

• Confusion: “Attempts to make the relationship between the ciphertext and the encryption key as complex as possible.”

• Achieved by using a complex substitution algorithm.

• Even if an attacker can have some handle on the statistics of the ciphertext, it is very difficult to deduce the key.

9

Feistel Cipher Structure

• Horst Feistel devised the feistel cipher– based on concept of invertible product cipher

• partitions input block into two halves– process through multiple rounds which– perform a substitution on left data half– based on round function of right half & subkey– then have permutation swapping halves

• implements Shannon’s S-P net concept

10

Feistel Cipher Structure

11

Feistel Cipher Design Elements

• block size • key size • number of rounds • subkey generation algorithm• round function • fast software en/decryption

12

Feistel Cipher Decryption

13

Data Encryption Standard (DES)

• most widely used block cipher in world • adopted in 1977 by NBS (now NIST)• encrypts 64-bit data using 56-bit key• has widespread use• has been considerable controversy over

its security

14

DES History

• IBM developed Lucifer cipher– by team led by Feistel in late 60’s– used 64-bit data blocks with 128-bit key

• then redeveloped as a commercial cipher with input from NSA and others

• in 1973 NBS issued request for proposals for a national cipher standard

• IBM submitted their revised Lucifer which was eventually accepted as the DES

15

DES Design Controversy

• although DES standard is public• was considerable controversy over design

– in choice of 56-bit key (vs Lucifer 128-bit)– and because design criteria were classified

• subsequent events and public analysis show in fact design was appropriate

• use of DES has flourished– especially in financial applications– still standardised for legacy application use

16

17

DES…

• Initial Permutation (IP): The plaintext block undergoes an

intial permutation. > 64 bits of the block are permuted.• A Complex Transformation: 64 bit permuted block undergoes 16

rounds of complex transformation. (Using subkeys)

18

DES…

• 32-bit swap: 32 bit left and right halves of the

output of the 16th round are swapped.• Inverse Initial Permutation (IP-1): The 64 bit output undergoes a

permutation that is inverse of the intial permutation.

>The 64 bit output is the ciphertext.

19

20

DES

• The complex processing at each iteration/round:– Li = Ri-1

– Ri = Li-1 F(Ri-1, Ki)

•Details of function F: It takes 32 bits input and

produces a 32 bit output.

21

DES

• Details of function F: >32 bit input is expanded into 48

bits. -This is done by permuting and duplicating some bits of 32 bits. >Exclusive OR operation is

performed between these 48 bits and 48 bit subkey.

22

DES

•Details of function F:... > 48 bit output of the

Exclusive OR operation is grouped into 8 groups of 6 bits each.

> Each 6 bit group is fed into a 6-to-4 substitution box that transforms 6 bits to 4 bits.

23

DES

•Details of function F:... > 32 bit output of 8

substitution boxes is fed into a permutation box.

> The 32 bit output of the permutation box is F(Ri-1, Ki).

24

DES

•Concerns about:– The key length (56-bits)> 56 bit key was adequate in 70s.> With faster processors, this

encryption method is no longer safe.

25

Time to break a code (106 decryptions/µs)

26

Triple DEA

• Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)

• C = ciphertext• P = Plaintext• EK[X] = encryption of X using key K• DK[Y] = decryption of Y using key K

• Effective key length of 168 bits

C = EK3[DK2[EK1[P]]]

27

Triple DEA

28

Cipher Block Modes of Operation

• Cipher Block Chaining Mode (CBC) - A method to increase the security of DES or any block cipher.

– The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block.

- Processing of a sequence of plaintext blocks is chained together.

29

30

Basis of Cipher Block Chaining…

ii1i1iiK1i

i1iiK

i1iKKiK

i1iki

PPCC][CDC

)P(C][CD

)]P(C[ED][CD

]P[CEC